documentation sources
|
@ -0,0 +1,36 @@
|
|||
PANDOC=pandoc
|
||||
PANDOCFLAGS=--standalone --smart --toc --number-sections --latex-engine=xelatex --variable geometry=margin=3cm --variable lang=french --variable mainfont=Cantarell --variable fontsize=12pt -c pandoc.css
|
||||
SRCS=$(wildcard *.md)
|
||||
IMAGES=$(wildcard images/*.png)
|
||||
PDFS=$(SRCS:%.md=%.pdf)
|
||||
HTMLS=$(SRCS:%.md=%.html)
|
||||
TEXS=$(SRCS:%.md=%.tex)
|
||||
ALL=$(PDFS) $(HTMLS) index.html
|
||||
|
||||
all: $(ALL)
|
||||
|
||||
index.html: $(SRCS) index.html.build
|
||||
echo $(IMAGES)
|
||||
sh ./index.html.build > index.html
|
||||
|
||||
%.pdf: %.md $(IMAGES) Makefile
|
||||
$(PANDOC) $(PANDOCFLAGS) $< -o $@
|
||||
|
||||
%.tex: %.md
|
||||
$(PANDOC) $(PANDOCFLAGS) $< -o $@
|
||||
|
||||
%.html: %.md
|
||||
$(PANDOC) $(PANDOCFLAGS) $< -o $@
|
||||
|
||||
%.txt: %.md
|
||||
$(PANDOC) $(PANDOCFLAGS) $< -o $@
|
||||
|
||||
.PHONY:
|
||||
|
||||
tex: $(TEXS)
|
||||
|
||||
clean:
|
||||
rm -f index.html $(PDFS) $(HTMLS) $(TEXS) $(SRCS:%.md=%.aux) $(SRCS:%.md=%.log) $(SRCS:%.md=%.out) $(SRCS:%.md=%.toc)
|
||||
|
||||
publish: $(ALL)
|
||||
rsync -av * doc.entrouvert.org:/var/vhosts/doc.entrouvert.org/web/supann/
|
|
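Review bot: the `publish` recipe's `rsync -av *` copies everything in the working directory to the public web root, so the Markdown sources, the `Makefile`, `index.html.build` and any leftover `.aux` or `.log` files are uploaded along with the rendered output. Listing what should go out, for example `$(ALL) pandoc.css images`, keeps the upload to the intended files. Also, `.PHONY:` is left empty, so `all`, `tex`, `clean` and `publish` are not actually declared phony, and the `echo $(IMAGES)` in the `index.html` recipe looks like leftover debugging.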
@ -0,0 +1,110 @@
|
|||
% UAuth: Portail captif dans le Cloud
|
||||
% Configuration pfSense
|
||||
% Entr'ouvert SCOP -- http://www.entrouvert.com
|
||||
|
||||
Ce document spécifie les étapes de configuration d'un portail captif pfSense
|
||||
pour son raccordement à la plateforme U-Auth.
|
||||
|
||||
Configuration d'un portail captif pfSense
|
||||
=========================================
|
||||
|
||||
Dans le menu __Services/Captive Portal__
|
||||
|
||||
\ ![images/pfsense_home.png](images/pfsense_home.png)
|
||||
|
||||
ajouter une nouvelle zone:
|
||||
|
||||
\ ![images/pfsense_new_zone.png](images/pfsense_new_zone.png)
|
||||
|
||||
|
||||
Configurer la zone ainsi créée:
|
||||
|
||||
1. activer la zone:
|
||||
|
||||
\ ![images/pfsense_activate_zone.png](images/pfsense_activate_zone.png)
|
||||
|
||||
|
||||
2. configurer l'URL de redirection vers le page de connexion U-Auth:
|
||||
|
||||
\ ![images/pfsense_config_redirect_url.png](images/pfsense_config_redirect_url.png)
|
||||
|
||||
3. configurer l'authentification Radius:
|
||||
* protocole d'authentification: PAP
|
||||
* adresse IP du serveur U-Auth: 176.31.146.80
|
||||
* secret partagé: testing123
|
||||
|
||||
\ ![images/pfsense_radius_config.png](images/pfsense_radius_config.png)
|
||||
|
||||
4. définir un nom local pour le portail captif:
|
||||
|
||||
\ ![images/pfsense_server_name.png](images/pfsense_server_name.png)
|
||||
|
||||
5. desactiver le HTTPS Forwards
|
||||
|
||||
\ ![images/pfsense_disable_https_forwards.png](images/pfsense_disable_https_forwards.png)
|
||||
|
||||
6. personnaliser la page d'authentification du portail captif en chargeant un fichier html contenant obligatoirement la variable `$PORTAL_REDIRURL$`:
|
||||
|
||||
\ ![images/pfsense_portal_page.png](images/pfsense_portal_page.png)
|
||||
|
||||
Example de fichier:
|
||||
|
||||
```html
|
||||
<html>
|
||||
<head>
|
||||
<title>You are being redirected to authentication page</title>
|
||||
</head>
|
||||
<body>
|
||||
<h3>You are being redirected to authentication page</h3>
|
||||
<p>If you are not redirected, please
|
||||
<a id="redirect" href="$PORTAL_REDIRURL$">click here</a></p>
|
||||
<script type="text/javascript">
|
||||
var redir = document.getElementById('redirect');
|
||||
redir.href += window.location.search;
|
||||
window.location.href="$PORTAL_REDIRURL$" + window.location.search;
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
||||
```
|
||||
|
||||
7. Autoriser le portail captif à acceder à U-Auth et les fournisseurs d'identité de la fédération:
|
||||
|
||||
\ ![images/pfsense_allowed_ips.png](images/pfsense_allowed_ips.png)
|
||||
|
||||
|
||||
8. Dans le resolver DNS local rajouter le nom et l'adresse locale du portail captif:
|
||||
|
||||
\ ![images/pfsense_dns_resolver.png](images/pfsense_dns_resolver.png)
|
||||
|
||||
\ ![images/pfsense_add_host.png](images/pfsense_add_host.png)
|
||||
|
||||
|
||||
Test d'authentification
|
||||
=======================
|
||||
|
||||
Depuis un poste interne au réseau du portail captif aller sur une page(par exemple http://perdu.com):
|
||||
|
||||
\ ![images/pfsense_test_login1.png](images/pfsense_test_login1.png)
|
||||
|
||||
La page personnalisée, rédirigeant vers U-Auth, sera affichée:
|
||||
|
||||
\ ![images/pfsense_test_redirect.png](images/pfsense_test_redirect.png)
|
||||
|
||||
Si l'accès à la plateforme U-Auth a été bien autorisée au niveau du portail captif, la page de votre organisme avec la liste des fournisseurs d'identité sera affichée:
|
||||
|
||||
\ ![images/uauth.png](images/uauth.png)
|
||||
|
||||
En choisisant un fournisseur d'identité, également autorisé au niveau du portail captif, la mire de connexion est affichée:
|
||||
|
||||
\ ![images/idp_test_renater.png](images/idp_test_renater.png)
|
||||
|
||||
\ ![/idp_psl_dev.png](images/idp_psl_dev.png)
|
||||
|
||||
Une fois authentifié auprès du fournisseur d'identité l'utilisateur est autorisé au niveau du portail captif et est renvoyée vers la page demandée initiallement(dans cet exemple http://perdu.com)
|
||||
|
||||
La session utilisateur sera visible dans le dashboard du portail captif:
|
||||
|
||||
\ ![images/pfsense_dashboard.png](images/pfsense_dashboard.png)
|
||||
|
||||
|
||||
|
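Review bot: step 3 prints the RADIUS shared secret `testing123` next to the server address `176.31.146.80`, and the `publish` target in the Makefile pushes this document to a public site. With PAP, RADIUS hides the User-Password attribute using only that shared secret, so a secret that is printed in the documentation gives the user's password no protection against anyone who can observe the RADIUS traffic. I would replace the value with a placeholder and state that each site receives its own secret out of band. Step 5 would also benefit from one sentence explaining why HTTPS forwards must be disabled.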
|
@ -0,0 +1,33 @@
|
|||
#!/bin/bash
|
||||
|
||||
cat << EOT
|
||||
<!DOCTYPE html>
|
||||
<html lang="fr">
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
|
||||
<title>Documentation</title>
|
||||
<link rel="stylesheet" type="text/css" media="all" href="http://www.entrouvert.com/static/eo/css/eo.css">
|
||||
<link rel="stylesheet" type="text/css" media="all" href="/skin/eo.css">
|
||||
<link rel="stylesheet" type="text/css" media="all" href="pandoc.css">
|
||||
</head>
|
||||
<body>
|
||||
<h1 id="logo">
|
||||
<a href="/"><img src="http://www.entrouvert.com/static/eo/img/logo.png" alt="Entr'ouvert"></a> Gestion d'identité SUPANN — Documentation</h1>
|
||||
<dl class="doc-index">
|
||||
EOT
|
||||
|
||||
for MD in configuration-pfsense.md
|
||||
do
|
||||
F=`basename $MD .md`
|
||||
TITLE=`head -1 $F.md | sed 's/.*-- //'`
|
||||
cat << EOT
|
||||
<dt><a href="$F.html">$TITLE</a>
|
||||
[<a href="$F.pdf">PDF</a>]</dt>
|
||||
<dd><p></p></dd>
|
||||
EOT
|
||||
done
|
||||
|
||||
cat << EOT
|
||||
</body>
|
||||
</html>
|
||||
EOT
|
|
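Review bot: `TITLE` is taken from `head -1 $F.md | sed 's/.*-- //'`, but the first line of `configuration-pfsense.md` is `% UAuth: Portail captif dans le Cloud`, which contains no `-- `, so the sed expression changes nothing and the index entry keeps the leading `% `. Stripping the `% ` prefix instead would give the intended title. The value is also written into the page without HTML escaping, `$MD` and `$F` are expanded unquoted, and `<dl class="doc-index">` is never closed before `</body>`.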
@ -0,0 +1,128 @@
|
|||
@font-face {
|
||||
font-family: 'Museo500';
|
||||
src: url(fonts/Museo500-Regular.otf);
|
||||
font-weight: normal;
|
||||
font-style: normal;
|
||||
}
|
||||
|
||||
@font-face {
|
||||
font-family: 'MuseoSlab';
|
||||
src: url(fonts/Museo_Slab.otf);
|
||||
font-weight: normal;
|
||||
font-style: normal;
|
||||
}
|
||||
|
||||
@font-face {
|
||||
font-family: 'Cantarell';
|
||||
src: local('Cantarell'), local('Cantarell Regular'),
|
||||
url(fonts/Cantarell-Regular.otf);
|
||||
}
|
||||
|
||||
@font-face {
|
||||
font-family: 'Cantarell';
|
||||
font-weight: bold;
|
||||
src: local('Cantarell'), local('Cantarell Bold'), local('Cantarell-Bold'),
|
||||
url(fonts/Cantarell-Bold.otf);
|
||||
}
|
||||
|
||||
body {
|
||||
margin: auto;
|
||||
padding-right: 1em;
|
||||
padding-left: 1em;
|
||||
max-width: 60em;
|
||||
/* border-left: 1px solid black;
|
||||
border-right: 1px solid black; */
|
||||
color: black;
|
||||
line-height: 140%;
|
||||
color: #000;
|
||||
font-family: Cantarell, Roboto, 'Droid Sans', Ubuntu, 'DejaVu Sans', Arial, sans-serif;
|
||||
}
|
||||
|
||||
h1, h2, h3, h4 {
|
||||
font-family: 'Museo500', 'Roboto';
|
||||
}
|
||||
|
||||
pre {
|
||||
border: 1px dotted gray;
|
||||
background-color: #ececec;
|
||||
color: #000;
|
||||
padding: 0.5em;
|
||||
}
|
||||
code {
|
||||
font-family: monospace;
|
||||
}
|
||||
h1 a, h2 a, h3 a, h4 a, h5 a {
|
||||
text-decoration: none;
|
||||
color: #000;
|
||||
}
|
||||
h1, h2, h3, h4, h5 {
|
||||
color: #000;
|
||||
}
|
||||
h1 {
|
||||
padding-top: 1em;
|
||||
margin-top: 4em;
|
||||
border-top: 2px solid black;
|
||||
font-size: 200%;
|
||||
}
|
||||
|
||||
h2 {
|
||||
/* border-bottom: 1px dotted black; */
|
||||
font-size: 150%;
|
||||
padding-top: 1em;
|
||||
}
|
||||
|
||||
h3 {
|
||||
font-size: 120%;
|
||||
}
|
||||
|
||||
h4 {
|
||||
font-size: 90%;
|
||||
font-style: italic;
|
||||
}
|
||||
|
||||
h5 {
|
||||
font-size: 90%;
|
||||
font-style: italic;
|
||||
}
|
||||
|
||||
h1.title {
|
||||
font-size: 200%;
|
||||
font-weight: bold;
|
||||
padding-top: 0.2em;
|
||||
padding-bottom: 0.2em;
|
||||
text-align: left;
|
||||
border: none;
|
||||
}
|
||||
|
||||
h2.author {
|
||||
text-align: right;
|
||||
}
|
||||
|
||||
div#TOC {
|
||||
padding: 20px;
|
||||
background: #ccc;
|
||||
}
|
||||
|
||||
dt code {
|
||||
font-weight: bold;
|
||||
}
|
||||
dd p {
|
||||
margin-top: 0;
|
||||
}
|
||||
|
||||
#footer {
|
||||
padding-top: 1em;
|
||||
font-size: 70%;
|
||||
color: gray;
|
||||
text-align: center;
|
||||
}
|
||||
div.figure {
|
||||
padding-top: 1em;
|
||||
padding-bottom: 1em;
|
||||
border: 1px solid black;
|
||||
text-align: center;
|
||||
}
|
||||
p.caption {
|
||||
font-size: 80%;
|
||||
font-style: italic;
|
||||
}
|
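Review bot: the `@font-face` rules load `fonts/Museo500-Regular.otf`, `fonts/Museo_Slab.otf` and the Cantarell files by relative URL, but no `fonts/` directory appears in this change, so headings will fall back to Roboto or the browser default unless those files are added or the rules are dropped. In the `body` rule, `color: black;` and `color: #000;` set the same value twice; one of them can go.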